Security thread always there in WordPress. There are many factors of that. First of all, WordPress is based on PHP. PHP and WordPress both are open source. PHP is weakly typed language. WordPress team keeping update trying to more secure WordPress.
There are many WordPress plugins that provide security and make your website secure.
WordFence most popular WordPress security plugin. It always takes care of your website. It keeps eyes on malware. WordFence scans all the files of WordPress, themes, plugins, etc. When WordFence finds malware and any kind of suspicious activity it will inform you in real-time. WordFence makes your website secure and faster as well. WordFence is free but advance add-ons are paid.
How to install WordFence
Step 1: Open Dashboard and click on “Plugins”
Step 2: Click on “Add New” Button
Step 3: Enter “WordFence ” in search box
Step 4: In the result, you can see the first one is your required plugin
Step 5: Click on “Install Now” button
Step 6: Click on “Activate” button
Step 7: After few seconds plugin will activate. You can further explore it.